3.
Cryptography <ul><li>Definition – the art of writing or solving codes </li></ul><ul><li>Origins in ancient Egypt </li></ul><ul><li>Use in religious writings in times of persecution </li></ul><ul><li>Important military role in both World Wars </li></ul><ul><li>Rise of modern cryptography in last half-century </li></ul>

4.
Secret-key Cryptography <ul><li>Also known as symmetric cryptography </li></ul><ul><li>Users have unique public keys, but identical private keys </li></ul><ul><li>Public keys are used to encrypt a message </li></ul><ul><li>Private keys are used to decrypt a message </li></ul>

5.
Secret-key Cryptography <ul><li>Not ideal because it requires a secure exchange of private keys, which is not always possible </li></ul><ul><li>Problematic as the compromise of one private key results in all private keys being compromised </li></ul>

7.
Public-key encryption <ul><li>Intended recipient gives sender his or her public key </li></ul><ul><li>Sender encrypts a message with the recipient’s public key </li></ul><ul><li>Only the recipient’s private key can be used to decrypt a message encrypted with that public key </li></ul>

8.
Digital Signatures <ul><li>Serves as a verifiable seal or signature to confirm the authenticity of sender and integrity of the message </li></ul><ul><li>Sender encrypts a message with his or her private key for authentication purposes </li></ul><ul><li>Recipient can decrypt the message with the sender’s public key to confirm the sender’s identity and the message’s integrity </li></ul>

9.
Digital Signatures <ul><li>Provide no time stamping </li></ul><ul><li>The compromise of a sender’s private key throws all of the sender’s digital signatures into doubt </li></ul><ul><li>Because of the lack of time stamping, all messages signed with that key are thrown into doubt </li></ul>

10.
Vulnerabilities <ul><li>Public-key algorithms require longer key sizes than secret-key algorithms, and can be vulnerable to brute-force attacks </li></ul><ul><li>Man in the middle attack </li></ul><ul><ul><li>Third party intercepts message </li></ul></ul><ul><ul><li>After decrypting, modifying, and encrypting message, third party passes message along to intended recipient without suspicion </li></ul></ul>

11.
Certificate Authorities <ul><li>Trusted third party that verifies identity of sender and issues digital certificate indicating authorization </li></ul><ul><li>Has been implemented in web browsing security such as SSL </li></ul><ul><li>Helps prevent man in the middle attacks </li></ul>